2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 #include "qemu-common.h"
11 #include "qemu-option.h"
12 #include "qemu-config.h"
15 #include "scsi-disk.h"
21 #define DPRINTF(fmt, ...) \
22 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
24 #define DPRINTF(fmt, ...) do {} while(0)
28 #define MassStorageReset 0xff
29 #define GetMaxLun 0xfe
32 USB_MSDM_CBW, /* Command Block. */
33 USB_MSDM_DATAOUT, /* Tranfer data to device. */
34 USB_MSDM_DATAIN, /* Transfer data from device. */
35 USB_MSDM_CSW /* Command Status. */
52 /* For async completion. */
73 static const uint8_t qemu_msd_dev_descriptor[] = {
74 0x12, /* u8 bLength; */
75 0x01, /* u8 bDescriptorType; Device */
76 0x00, 0x01, /* u16 bcdUSB; v1.0 */
78 0x00, /* u8 bDeviceClass; */
79 0x00, /* u8 bDeviceSubClass; */
80 0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
81 0x08, /* u8 bMaxPacketSize0; 8 Bytes */
83 /* Vendor and product id are arbitrary. */
84 0x00, 0x00, /* u16 idVendor; */
85 0x00, 0x00, /* u16 idProduct; */
86 0x00, 0x00, /* u16 bcdDevice */
88 0x01, /* u8 iManufacturer; */
89 0x02, /* u8 iProduct; */
90 0x03, /* u8 iSerialNumber; */
91 0x01 /* u8 bNumConfigurations; */
94 static const uint8_t qemu_msd_config_descriptor[] = {
96 /* one configuration */
97 0x09, /* u8 bLength; */
98 0x02, /* u8 bDescriptorType; Configuration */
99 0x20, 0x00, /* u16 wTotalLength; */
100 0x01, /* u8 bNumInterfaces; (1) */
101 0x01, /* u8 bConfigurationValue; */
102 0x00, /* u8 iConfiguration; */
103 0xc0, /* u8 bmAttributes;
108 0x00, /* u8 MaxPower; */
111 0x09, /* u8 if_bLength; */
112 0x04, /* u8 if_bDescriptorType; Interface */
113 0x00, /* u8 if_bInterfaceNumber; */
114 0x00, /* u8 if_bAlternateSetting; */
115 0x02, /* u8 if_bNumEndpoints; */
116 0x08, /* u8 if_bInterfaceClass; MASS STORAGE */
117 0x06, /* u8 if_bInterfaceSubClass; SCSI */
118 0x50, /* u8 if_bInterfaceProtocol; Bulk Only */
119 0x00, /* u8 if_iInterface; */
121 /* Bulk-In endpoint */
122 0x07, /* u8 ep_bLength; */
123 0x05, /* u8 ep_bDescriptorType; Endpoint */
124 0x81, /* u8 ep_bEndpointAddress; IN Endpoint 1 */
125 0x02, /* u8 ep_bmAttributes; Bulk */
126 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
127 0x00, /* u8 ep_bInterval; */
129 /* Bulk-Out endpoint */
130 0x07, /* u8 ep_bLength; */
131 0x05, /* u8 ep_bDescriptorType; Endpoint */
132 0x02, /* u8 ep_bEndpointAddress; OUT Endpoint 2 */
133 0x02, /* u8 ep_bmAttributes; Bulk */
134 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
135 0x00 /* u8 ep_bInterval; */
138 static void usb_msd_copy_data(MSDState *s)
142 if (len > s->scsi_len)
144 if (s->mode == USB_MSDM_DATAIN) {
145 memcpy(s->usb_buf, s->scsi_buf, len);
147 memcpy(s->scsi_buf, s->usb_buf, len);
154 if (s->scsi_len == 0) {
155 if (s->mode == USB_MSDM_DATAIN) {
156 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
157 } else if (s->mode == USB_MSDM_DATAOUT) {
158 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
163 static void usb_msd_send_status(MSDState *s)
165 struct usb_msd_csw csw;
167 csw.sig = cpu_to_le32(0x53425355);
168 csw.tag = cpu_to_le32(s->tag);
169 csw.residue = s->residue;
170 csw.status = s->result;
171 memcpy(s->usb_buf, &csw, 13);
174 static void usb_msd_command_complete(SCSIBus *bus, int reason, uint32_t tag,
177 MSDState *s = DO_UPCAST(MSDState, dev.qdev, bus->qbus.parent);
178 USBPacket *p = s->packet;
181 fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
183 if (reason == SCSI_REASON_DONE) {
184 DPRINTF("Command complete %d\n", arg);
185 s->residue = s->data_len;
186 s->result = arg != 0;
188 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
189 /* A deferred packet with no write data remaining must be
190 the status read packet. */
191 usb_msd_send_status(s);
192 s->mode = USB_MSDM_CBW;
195 s->data_len -= s->usb_len;
196 if (s->mode == USB_MSDM_DATAIN)
197 memset(s->usb_buf, 0, s->usb_len);
200 if (s->data_len == 0)
201 s->mode = USB_MSDM_CSW;
204 usb_packet_complete(p);
205 } else if (s->data_len == 0) {
206 s->mode = USB_MSDM_CSW;
211 s->scsi_buf = s->scsi_dev->info->get_buf(s->scsi_dev, tag);
213 usb_msd_copy_data(s);
214 if (s->usb_len == 0) {
215 /* Set s->packet to NULL before calling usb_packet_complete
216 because annother request may be issued before
217 usb_packet_complete returns. */
218 DPRINTF("Packet complete %p\n", p);
220 usb_packet_complete(p);
225 static void usb_msd_handle_reset(USBDevice *dev)
227 MSDState *s = (MSDState *)dev;
230 s->mode = USB_MSDM_CBW;
233 static int usb_msd_handle_control(USBDevice *dev, int request, int value,
234 int index, int length, uint8_t *data)
236 MSDState *s = (MSDState *)dev;
240 case DeviceRequest | USB_REQ_GET_STATUS:
241 data[0] = (1 << USB_DEVICE_SELF_POWERED) |
242 (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
246 case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
247 if (value == USB_DEVICE_REMOTE_WAKEUP) {
248 dev->remote_wakeup = 0;
254 case DeviceOutRequest | USB_REQ_SET_FEATURE:
255 if (value == USB_DEVICE_REMOTE_WAKEUP) {
256 dev->remote_wakeup = 1;
262 case DeviceOutRequest | USB_REQ_SET_ADDRESS:
266 case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
269 memcpy(data, qemu_msd_dev_descriptor,
270 sizeof(qemu_msd_dev_descriptor));
271 ret = sizeof(qemu_msd_dev_descriptor);
274 memcpy(data, qemu_msd_config_descriptor,
275 sizeof(qemu_msd_config_descriptor));
276 ret = sizeof(qemu_msd_config_descriptor);
279 switch(value & 0xff) {
289 /* vendor description */
290 ret = set_usb_string(data, "QEMU " QEMU_VERSION);
293 /* product description */
294 ret = set_usb_string(data, "QEMU USB HARDDRIVE");
298 ret = set_usb_string(data, "1");
308 case DeviceRequest | USB_REQ_GET_CONFIGURATION:
312 case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
315 case DeviceRequest | USB_REQ_GET_INTERFACE:
319 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
322 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
323 if (value == 0 && index != 0x81) { /* clear ep halt */
328 /* Class specific requests. */
329 case MassStorageReset:
330 /* Reset state ready for the next CBW. */
331 s->mode = USB_MSDM_CBW;
346 static void usb_msd_cancel_io(USBPacket *p, void *opaque)
348 MSDState *s = opaque;
349 s->scsi_dev->info->cancel_io(s->scsi_dev, s->tag);
354 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
356 MSDState *s = (MSDState *)dev;
358 struct usb_msd_cbw cbw;
359 uint8_t devep = p->devep;
360 uint8_t *data = p->data;
371 fprintf(stderr, "usb-msd: Bad CBW size");
374 memcpy(&cbw, data, 31);
375 if (le32_to_cpu(cbw.sig) != 0x43425355) {
376 fprintf(stderr, "usb-msd: Bad signature %08x\n",
377 le32_to_cpu(cbw.sig));
380 DPRINTF("Command on LUN %d\n", cbw.lun);
382 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
385 s->tag = le32_to_cpu(cbw.tag);
386 s->data_len = le32_to_cpu(cbw.data_len);
387 if (s->data_len == 0) {
388 s->mode = USB_MSDM_CSW;
389 } else if (cbw.flags & 0x80) {
390 s->mode = USB_MSDM_DATAIN;
392 s->mode = USB_MSDM_DATAOUT;
394 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
395 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
397 s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
398 /* ??? Should check that USB and SCSI data transfer
400 if (s->residue == 0) {
401 if (s->mode == USB_MSDM_DATAIN) {
402 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
403 } else if (s->mode == USB_MSDM_DATAOUT) {
404 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
410 case USB_MSDM_DATAOUT:
411 DPRINTF("Data out %d/%d\n", len, s->data_len);
412 if (len > s->data_len)
418 usb_msd_copy_data(s);
420 if (s->residue && s->usb_len) {
421 s->data_len -= s->usb_len;
422 if (s->data_len == 0)
423 s->mode = USB_MSDM_CSW;
427 DPRINTF("Deferring packet %p\n", p);
428 usb_defer_packet(p, usb_msd_cancel_io, s);
437 DPRINTF("Unexpected write (len %d)\n", len);
447 case USB_MSDM_DATAOUT:
448 if (s->data_len != 0 || len < 13)
450 /* Waiting for SCSI write to complete. */
451 usb_defer_packet(p, usb_msd_cancel_io, s);
457 DPRINTF("Command status %d tag 0x%x, len %d\n",
458 s->result, s->tag, len);
464 usb_msd_send_status(s);
465 s->mode = USB_MSDM_CBW;
469 case USB_MSDM_DATAIN:
470 DPRINTF("Data in %d/%d\n", len, s->data_len);
471 if (len > s->data_len)
476 usb_msd_copy_data(s);
478 if (s->residue && s->usb_len) {
479 s->data_len -= s->usb_len;
480 memset(s->usb_buf, 0, s->usb_len);
481 if (s->data_len == 0)
482 s->mode = USB_MSDM_CSW;
486 DPRINTF("Deferring packet %p\n", p);
487 usb_defer_packet(p, usb_msd_cancel_io, s);
496 DPRINTF("Unexpected read (len %d)\n", len);
502 DPRINTF("Bad token\n");
511 static void usb_msd_handle_destroy(USBDevice *dev)
513 MSDState *s = (MSDState *)dev;
515 s->scsi_dev->info->destroy(s->scsi_dev);
516 drive_uninit(s->dinfo->bdrv);
520 static int usb_msd_initfn(USBDevice *dev)
522 MSDState *s = DO_UPCAST(MSDState, dev, dev);
524 if (!s->dinfo || !s->dinfo->bdrv) {
525 qemu_error("usb-msd: drive property not set\n");
529 s->dev.speed = USB_SPEED_FULL;
530 s->bus = scsi_bus_new(&s->dev.qdev, 0, 1, usb_msd_command_complete);
531 s->scsi_dev = scsi_bus_legacy_add_drive(s->bus, s->dinfo, 0);
532 usb_msd_handle_reset(dev);
536 USBDevice *usb_msd_init(const char *filename)
547 /* parse -usbdevice disk: syntax into drive opts */
548 snprintf(id, sizeof(id), "usb%d", nr++);
549 opts = qemu_opts_create(&qemu_drive_opts, id, 0);
551 p1 = strchr(filename, ':');
555 if (strstart(filename, "format=", &p2)) {
556 int len = MIN(p1 - p2, sizeof(fmt));
557 pstrcpy(fmt, len, p2);
558 qemu_opt_set(opts, "format", fmt);
559 } else if (*filename != ':') {
560 printf("unrecognized USB mass-storage option %s\n", filename);
566 printf("block device specification needed\n");
569 qemu_opt_set(opts, "file", filename);
570 qemu_opt_set(opts, "if", "none");
572 /* create host drive */
573 dinfo = drive_init(opts, NULL, &fatal_error);
579 /* create guest device */
580 dev = usb_create(NULL /* FIXME */, "QEMU USB MSD");
581 qdev_prop_set_drive(&dev->qdev, "drive", dinfo);
582 qdev_init(&dev->qdev);
587 BlockDriverState *usb_msd_get_bdrv(USBDevice *dev)
589 MSDState *s = (MSDState *)dev;
591 return s->dinfo->bdrv;
594 static struct USBDeviceInfo msd_info = {
595 .qdev.name = "QEMU USB MSD",
596 .qdev.alias = "usb-storage",
597 .qdev.size = sizeof(MSDState),
598 .init = usb_msd_initfn,
599 .handle_packet = usb_generic_handle_packet,
600 .handle_reset = usb_msd_handle_reset,
601 .handle_control = usb_msd_handle_control,
602 .handle_data = usb_msd_handle_data,
603 .handle_destroy = usb_msd_handle_destroy,
604 .qdev.props = (Property[]) {
605 DEFINE_PROP_DRIVE("drive", MSDState, dinfo),
606 DEFINE_PROP_END_OF_LIST(),
610 static void usb_msd_register_devices(void)
612 usb_qdev_register(&msd_info);
614 device_init(usb_msd_register_devices)
projects / qemu / blob